Are you not concerned about a CEO's abuse of users? What would it take to cross the line, in your mind, johncoltrane?
For example, suppose this happened on Hacker News. Would you leave if PG edited your comments? Other user's comments if you were sympathetic to them? Other user's comments that you disagreed with? Or do you lack any principle in this area?
There is a reason I phrased it as a question. Thanks for clarifying this; comment redirected to the downvoters who haven't seen fit to articulate a response.
Out of curiosity, what does one have achieve on HN in order to get downvoting ability in the first place?
EDIT: No, I clearly screwed this up by presuming and I apologize to johncoltrane for that.
It doesn't change that no downvoter, nor johncoltrane, has been able to justify their position. Are they against criticism of this kind on HN? Because I think that's a tenuous position. Do they believe it's not really a risk to users when CEO's set a tone by editing for their personal agenda, or that such isn't relevant to HN?
To me, those would be reasons not to upvote... but in this case, downvoting without comment suggests that these are simply liberals who dislike Trump supporters and cannot separate that from the involved principles.
Since both kinds of posts are commonly accepted at HN, I guess I'm curious if your tacit acceptance of Huffman's actions here is because he targeted Trump supporters? In other words, if he had targeted a different group would you be okay with them? Or am I misreading this and you genuinely feel that criticism of such services does not belong on HN?
While he shouldn't have done it, the fact that he did isn't really the issue for me. The fact that he was able to is a much bigger deal.
How is it that he was able to do this? Is it a standard ability granted to all admins? As a CEO, I wouldn't expect that editing user content is a part of his job, or that he would have access to the database to edit it directly, so I have to assume it is a standard permission.
The ability to delete posts I can understand - that's a normal administrative activity, and it's pretty harmless. Editing posts to make it appear as if a user said something they didn't is potentially incredibly harmful, especially since we have no idea how such a change is audited.
We live in an age where governments can and do routinely monitor online activity. Knowing that anything you post on Reddit could be edited without your knowledge or consent, and that you would appear to be responsible for that content, is an incredibly dangerous situation. Even if the change is logged as having been made by an admin, that only helps you if the authorities actually order Reddit to provide the logs. If they simply print out your post history as evidence against you, good luck convincing them that you weren't the author of that content.
Yes, it's a far fetched scenario, but we know now that it's possible. That makes Reddit an unsafe community to participate in.
I suspect some Reddit users take Reddit a lot more seriously than is warranted, but I still find this sentiment more than a bit odd.
What kind of architecture did you think they had where the CEO wouldn't be able to run some UPDATE statements against the live database? Were you expecting a system of three administrators with interlocking physical keys who all must be present in the flesh?
Did you think Reddit was put together by the people who write software for banks?
Is the principle of least privilege, rigorously and scrupulously applied, all the way up to and including the CEO, something that startup culture has somehow led you to expect?
I would certainly expect that any reasonably well managed company would have appropriate access controls in place, and yes, that includes the CEO not having direct access to a production database. You don't need to be a financial institution to observe basic security practices.
13 comments
[ 0.25 ms ] story [ 17.0 ms ] threadFor example, suppose this happened on Hacker News. Would you leave if PG edited your comments? Other user's comments if you were sympathetic to them? Other user's comments that you disagreed with? Or do you lack any principle in this area?
Out of curiosity, what does one have achieve on HN in order to get downvoting ability in the first place?
EDIT: No, I clearly screwed this up by presuming and I apologize to johncoltrane for that.
It doesn't change that no downvoter, nor johncoltrane, has been able to justify their position. Are they against criticism of this kind on HN? Because I think that's a tenuous position. Do they believe it's not really a risk to users when CEO's set a tone by editing for their personal agenda, or that such isn't relevant to HN?
To me, those would be reasons not to upvote... but in this case, downvoting without comment suggests that these are simply liberals who dislike Trump supporters and cannot separate that from the involved principles.
Since both kinds of posts are commonly accepted at HN, I guess I'm curious if your tacit acceptance of Huffman's actions here is because he targeted Trump supporters? In other words, if he had targeted a different group would you be okay with them? Or am I misreading this and you genuinely feel that criticism of such services does not belong on HN?
How is it that he was able to do this? Is it a standard ability granted to all admins? As a CEO, I wouldn't expect that editing user content is a part of his job, or that he would have access to the database to edit it directly, so I have to assume it is a standard permission.
The ability to delete posts I can understand - that's a normal administrative activity, and it's pretty harmless. Editing posts to make it appear as if a user said something they didn't is potentially incredibly harmful, especially since we have no idea how such a change is audited.
We live in an age where governments can and do routinely monitor online activity. Knowing that anything you post on Reddit could be edited without your knowledge or consent, and that you would appear to be responsible for that content, is an incredibly dangerous situation. Even if the change is logged as having been made by an admin, that only helps you if the authorities actually order Reddit to provide the logs. If they simply print out your post history as evidence against you, good luck convincing them that you weren't the author of that content.
Yes, it's a far fetched scenario, but we know now that it's possible. That makes Reddit an unsafe community to participate in.
I suspect some Reddit users take Reddit a lot more seriously than is warranted, but I still find this sentiment more than a bit odd.
What kind of architecture did you think they had where the CEO wouldn't be able to run some UPDATE statements against the live database? Were you expecting a system of three administrators with interlocking physical keys who all must be present in the flesh?
Did you think Reddit was put together by the people who write software for banks?
Is the principle of least privilege, rigorously and scrupulously applied, all the way up to and including the CEO, something that startup culture has somehow led you to expect?